CERTIFICATION OF DATA CENTER LOCATIONS

Since 2013, CIS has not only provided accredited certifications in the field of the ISO Management Systems but has also conducted audits and provided certifications for data center locations, following the auditing criteria established in the recognized American Standard ANSI/TIA-942-A-2012. Upon publication of the EN 50600 Series “Data Centre facilities and infrastructures”, the auditing criteria will be adapted to this European Standard step by step. Furthermore, it is intended to update existing Certificates for data center locations, which have already been issued by CIS, in the course of Surveillance and Recertification Audits acc. to EN 50600.

Infrastructural areas for data center locations and the four-level rating systemAt a CIS Certification Audit, four infrastructural areas will be investigated:• “T” – Telecommunications: physical IT network, passive components;• “E” – Electrical: energy supply and distribution;• “A” – Architectural: architecture and physical security;• “M” – Mechanical: air conditioning, ventilation and house engineeringReferences to other Standards with their quality criteria and requirements, which are contained in ANSI/TIA-942-A-2012, mainly focus on the North American region and therefore often cannot be converted or used outside the North American region easily. In the course of the CIS Audits, the most important requirements of these referenced Standards will be interpreted and compared to evidence that the “data center location” can furnish and the circumstances in which this location operates for purposes of classification acc. to the rating system. The generic definitions of the four levels in the rating system of ANSI/TIA-942-A-2012 are the following:Tier 1: “Basis”Tier 2: “Redundant components”Tier 3: “Concurrent maintainability”Tier 4: “Fault tolerance”

When auditing data centers, CIS primarily acts according to one single Standard recognized on an international scale. This helps to avoid the necessity to collect requirements of different Standards in order to establish a proprietary audit catalogue and thus to make the audits as transparent as possible. By doing so, CIS pursues its strategy that has stood the test in the accredited certification services relating to ISO management systems.

Being an accredited Certification Body for information security acc. to ISO/IEC 27001 and IT service management acc. to ISO/IEC 20000, CIS has the required experience and due diligence in the field of the requirements placed on the quality and security of provision of central IT services in data centers.

Integration in management systems acc. to ISO 20000 and ISO 27001: The requirements that the two Standards place on physical and environmental security largely overlap with the requirements placed on a secure data center. Thus system integration is possible and can help to reduce the overall expenditure for Certification Audits. CIS offers efficient combined audits for integrated systems.